=====================================================
BUG: KMSAN: uninit-value in try_to_wake_up+0x693/0x1340 kernel/sched/core.c:4011
 try_to_wake_up+0x693/0x1340 kernel/sched/core.c:4011
 wake_up_process+0x34/0x40 kernel/sched/core.c:4166
 wake_up_worker kernel/workqueue.c:855 [inline]
 insert_work kernel/workqueue.c:1368 [inline]
 __queue_work+0x180d/0x1e10 kernel/workqueue.c:1519
 delayed_work_timer_fn+0xa1/0xd0 kernel/workqueue.c:1644
 call_timer_fn+0x84/0x470 kernel/time/timer.c:1421
 expire_timers+0x428/0x650 kernel/time/timer.c:1461
 __run_timers+0x6a4/0xa30 kernel/time/timer.c:1734
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1747
 __do_softirq+0x1c9/0x6ec kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0xd9/0x1d0 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x7e/0x90 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20
 virt_to_page_or_null+0x4/0xf0 mm/kmsan/shadow.c:133
 kmsan_get_metadata+0x11b/0x180 mm/kmsan/shadow.c:202
 kmsan_get_shadow_origin_ptr+0x97/0xd0 mm/kmsan/shadow.c:161
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:31 [inline]
 __msan_metadata_ptr_for_load_4+0x20/0x30 mm/kmsan/instrumentation.c:67
 eligible_child kernel/exit.c:976 [inline]
 wait_consider_task+0x333/0x4c00 kernel/exit.c:1296
 do_wait_thread kernel/exit.c:1399 [inline]
 do_wait+0x3d2/0x1300 kernel/exit.c:1516
 kernel_wait4+0x40b/0x610 kernel/exit.c:1679
 __do_sys_wait4 kernel/exit.c:1707 [inline]
 __se_sys_wait4 kernel/exit.c:1703 [inline]
 __x64_sys_wait4+0x1f5/0x3f0 kernel/exit.c:1703
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

------------[ cut here ]------------
slab index 9982 out of bounds (821) for stack id 824e26fe
WARNING: CPU: 1 PID: 8801 at lib/stackdepot.c:249 stack_depot_fetch+0x2d/0x60 lib/stackdepot.c:248
Modules linked in:
CPU: 1 PID: 8801 Comm: syz-executor.4 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:stack_depot_fetch+0x2d/0x60 lib/stackdepot.c:248
Code: e5 53 89 f9 48 c7 06 00 00 00 00 0f b7 c1 8b 15 09 3e 8f 0b 39 d0 7e 16 31 db 48 c7 c7 a5 55 cc 90 89 c6 31 c0 e8 e3 13 15 fb <0f> 0b eb 28 89 c0 48 8b 04 c5 10 e7 e0 91 48 85 c0 74 17 c1 e9 0c
RSP: 0018:ffff88813fd056a8 EFLAGS: 00010046
RAX: 79daa84cda24fc00 RBX: 0000000000000000 RCX: ffff888023505f40
RDX: 0000000080000100 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88813fd056b0 R08: ffffffff81da9df8 R09: 0000000000000000
R10: 0000000000000800 R11: 000001d5b56c3564 R12: ffff88813fd05808
R13: ffff888023505f40 R14: 0000000000000016 R15: 00000000824e26fe
FS:  000055555579e400(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ee23000 CR3: 000000015248a000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kmsan_print_origin+0x41/0x310 mm/kmsan/report.c:92
 kmsan_report+0x1ed/0x2f0 mm/kmsan/report.c:180
 __msan_warning+0xb4/0x100 mm/kmsan/instrumentation.c:224
 try_to_wake_up+0x693/0x1340 kernel/sched/core.c:4011
 wake_up_process+0x34/0x40 kernel/sched/core.c:4166
 wake_up_worker kernel/workqueue.c:855 [inline]
 insert_work kernel/workqueue.c:1368 [inline]
 __queue_work+0x180d/0x1e10 kernel/workqueue.c:1519
 delayed_work_timer_fn+0xa1/0xd0 kernel/workqueue.c:1644
 call_timer_fn+0x84/0x470 kernel/time/timer.c:1421
 expire_timers+0x428/0x650 kernel/time/timer.c:1461
 __run_timers+0x6a4/0xa30 kernel/time/timer.c:1734
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1747
 __do_softirq+0x1c9/0x6ec kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0xd9/0x1d0 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x7e/0x90 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20
RIP: 0010:kmsan_virt_addr_valid mm/kmsan/shadow.c:78 [inline]
RIP: 0010:virt_to_page_or_null+0x4/0xf0 mm/kmsan/shadow.c:134
Code: 48 0f af c8 48 09 d9 48 b8 00 00 00 00 80 88 ff ff e9 fd fe ff ff 31 c0 5b 41 5e 41 5f 5d c3 0f 0b 0f 1f 44 00 00 55 48 89 e5 <48> 89 fa 48 81 ea 00 00 00 80 73 27 48 be 00 00 00 00 80 77 00 00
RSP: 0018:ffff88814e9dba10 EFLAGS: 00000297
RAX: 00000000007fffc4 RBX: ffff88814e9dbd6c RCX: 000000014e1dbd00
RDX: ffff8881ce9dbd6c RSI: 0000000000000001 RDI: ffff88814e9dbd6c
RBP: ffff88814e9dba10 R08: ffffea000000000f R09: ffff88813fffa000
R10: 0000000000000002 R11: ffff888023505f40 R12: 0000000040000005
R13: ffff8880235069f8 R14: 0000000000000001 R15: 0000000000000001
 kmsan_get_metadata+0x11b/0x180 mm/kmsan/shadow.c:202
 kmsan_get_shadow_origin_ptr+0x97/0xd0 mm/kmsan/shadow.c:161
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:31 [inline]
 __msan_metadata_ptr_for_load_4+0x20/0x30 mm/kmsan/instrumentation.c:67
 eligible_child kernel/exit.c:976 [inline]
 wait_consider_task+0x333/0x4c00 kernel/exit.c:1296
 do_wait_thread kernel/exit.c:1399 [inline]
 do_wait+0x3d2/0x1300 kernel/exit.c:1516
 kernel_wait4+0x40b/0x610 kernel/exit.c:1679
 __do_sys_wait4 kernel/exit.c:1707 [inline]
 __se_sys_wait4 kernel/exit.c:1703 [inline]
 __x64_sys_wait4+0x1f5/0x3f0 kernel/exit.c:1703
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe5dd862f87
Code: 89 7c 24 10 48 89 4c 24 18 e8 35 50 02 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 65 50 02 00 8b 44
RSP: 002b:00007fe5ddeabd50 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 0000000000000308 RCX: 00007fe5dd862f87
RDX: 0000000040000001 RSI: 00007fe5ddeabddc RDI: 00000000ffffffff
RBP: 00007fe5ddeabddc R08: 0000000000000000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 00000000000de340 R14: 0000000000000009 R15: 00007fe5ddeabe40
---[ end trace 3bcf8d564a269426 ]---

Uninit was created at:
 (stack is not available)
=====================================================

----------------
Code disassembly (best guess):
   0:   48 0f af c8             imul   %rax,%rcx
   4:   48 09 d9                or     %rbx,%rcx
   7:   48 b8 00 00 00 00 80    movabs $0xffff888000000000,%rax
   e:   88 ff ff
  11:   e9 fd fe ff ff          jmpq   0xffffff13
  16:   31 c0                   xor    %eax,%eax
  18:   5b                      pop    %rbx
  19:   41 5e                   pop    %r14
  1b:   41 5f                   pop    %r15
  1d:   5d                      pop    %rbp
  1e:   c3                      retq
  1f:   0f 0b                   ud2
  21:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
  26:   55                      push   %rbp
  27:   48 89 e5                mov    %rsp,%rbp
* 2a:   48 89 fa                mov    %rdi,%rdx        <-- trapping instruction
  2d:   48 81 ea 00 00 00 80    sub    $0xffffffff80000000,%rdx
  34:   73 27                   jae    0x5d
  36:   48 be 00 00 00 00 80    movabs $0x778000000000,%rsi
  3d:   77 00 00